How Did My Credit Card Info Get Stolen?
Nobody likes dealing with credit card fraud. It can be embarrassing and difficult to admit that you’ve been a victim. At Sift Science, we often hear from our customers about 2AM nights at the office spent triaging thousands of orders that were placed with stolen credit cards. Today, we thought it would be helpful to understand how it all starts. To do this, we need to go underground deep inside criminal territory. It goes without saying that credit card fraud is malicious and illegal. It can result in felony charges added with several years of imprisonment in jail.
Simply put, credit card fraud starts with theft. With determination and time, fraudsters can obtain credit card numbers and information at any price. In fact, an entire underground economy, complete with moderators and reviewers, exists for criminals to buy and sell your information online. Databases of people’s names, credit card numbers, and even complete bank account login information (also known as “FULLINFO” or “FULLZ”) can be sold anywhere from $2 to $50. “Carders” as these thieves are called, even share tutorials and spread information on which sites are vulnerable to attack.
The act of the theft itself can take shape in a number of ways. The most common is through hacking databases, sending phony emails (also known as “phishing”), and exploiting security holes. Sophisticated carders usually hoard the information and sell them in bulk to consolidators. The consolidators then sell them on the black market lurking in secret online forums or chat rooms. They even offer flash sales on bulk discounts.
Once thieves obtain these credit card numbers, they run test transactions to make sure the cards are valid. In the old days, thieves would encode the credit card numbers onto fake plastic cards. Today, with the increasing prevalence of online payments, thieves first test them on sites by buying small ticket items (e.g. $3 earrings) or signing up on sites that offer free product trials. Once they verify that the card works, they move on to bigger ticket items, leading to outright theft and chargeback fraud.
By the time we realize we have been victims of fraud, it’s too late. Goods will have been shipped and gifts cards redeemed. It shouldn’t be a surprise then that fraud has caused over $5B in losses a year and has shut down thousands of businesses.
To learn more about simple steps you can take to prevent credit fraud yourself, check out Federal Trade Commission’s article, Protecting Against Credit Card Fraud and CreditCards.com’s article, How to protect your cards and accounts online.
